Closed Sp1l closed 7 months ago
Hey,
It's a bit hidden in the comments on the PR but if present the preferred_username is used (it's in the spec too).
Will add it to the doc somewhere.
Alternatively using name has been mentioned but I didn't want to have to handle localization.
Hi,
Thanks. Found the reference to preferred_username here https://github.com/Timshel/vaultwarden/blob/main/src/sso.rs#L418
What I'm after is when an SSO login triggers a new account creation, that the new user's "Name" as shown in "My account" in web-vault is populated with the given_name and family_name from the Claim. Looking at the openidconnect docs these are available in some way as EndUserGivenName and EndUserFamilyName structs.
You should be able to configure how the preferred_username is constructed in your SSO configuration.
This way you can set the combination of given_name and family_name you want; it will then be picked up on account creation (it won't be updated later on).
Found reference in EntraID docs.
preferred_username: Provides the preferred username claim within v1 tokens. This claim makes it easier for apps to provide username hints and show human readable display names, regardless of their token type. It's recommended that you use this optional claim instead of using, upn or unique_name.
I was mistaken in thinking this would be what the user-id becomes. So learned something new today!
Fresh logins with EntraID result in the username being equal to the email-address (UserPrincipalName) in the newly created Vaultwarden account.
OIDC spec returns given_name and family_name by default. Would be great if the standard claims can be used to populate (or even force overwrite, perhaps with a flag) the values in the user's profile.
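
The claim precedence discussed in this thread, as an added example that is not Vaultwarden's code: `IdClaims`, `non_empty` and `initial_display_name` are hypothetical names, and the given_name/family_name fallback is the behaviour requested here, assumed for illustration. Claims that are present but empty or whitespace-only are treated as missing.

```rust
// Added illustration; not Vaultwarden's code. All names here are hypothetical.

/// Subset of the OIDC standard claims relevant to naming a new account.
#[derive(Default)]
struct IdClaims<'a> {
    preferred_username: Option<&'a str>,
    given_name: Option<&'a str>,
    family_name: Option<&'a str>,
    email: &'a str,
}

/// Treat missing, empty and whitespace-only claims alike.
fn non_empty(claim: Option<&str>) -> Option<&str> {
    claim.map(str::trim).filter(|s| !s.is_empty())
}

/// Name to store when an SSO login creates the account.
/// Order: preferred_username, then given_name + family_name (assumed
/// fallback, the behaviour requested in this thread), then email.
fn initial_display_name(c: &IdClaims) -> String {
    if let Some(name) = non_empty(c.preferred_username) {
        return name.to_string();
    }
    let parts: Vec<&str> = [c.given_name, c.family_name]
        .iter()
        .copied()
        .filter_map(non_empty)
        .collect();
    if !parts.is_empty() {
        return parts.join(" ");
    }
    c.email.trim().to_string()
}

fn main() {
    // Constructed sample claims: no preferred_username sent by the IdP.
    let c = IdClaims {
        given_name: Some("Ada"),
        family_name: Some("Lovelace"),
        email: "ada@example.com",
        ..Default::default()
    };
    println!("{}", initial_display_name(&c));
}
```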